# -*- coding: utf-8 -*-
# @Time : 2023/7/30 18:21
# @Author : zxp
from rest_framework import permissions


class IsOwnerOrReadOnly(permissions.BasePermission):
    message = 'You must be the owner to update.'

    def has_permission(self, request, view):
        if request.method in permissions.SAFE_METHODS:
            return True
        # 是否登录？登录后is_authenticated为True
        return request.user.is_authenticated

    def has_object_permission(self, request, view, obj):
        if request.method in permissions.SAFE_METHODS:
            return True
        # 当前文章作者 == 当前登录用户？True
        return obj.author == request.user
